------------------------------------------------------------------------
- OpenBSD 6.1 RELEASED -------------------------------------------------
April 11, 2017.
We are pleased to announce the official release of OpenBSD 6.1.
This is our 42nd release. We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.
As in our previous releases, 6.1 provides significant improvements,
including new features, in nearly all areas of the system:
- New/extended platforms:
o New arm64 platform, using clang(1) as the base system compiler.
o The loongson platform now supports systems with Loongson 3A CPU
and RS780E chipset.
o The following platforms were retired: armish, sparc, zaurus.
- Improved hardware support, including:
o New acpials(4) driver for ACPI ambient light sensor devices.
o New acpihve(4) driver for feeding Hyper-V entropy into the kernel
pool.
o New acpisbs(4) driver for ACPI Smart Battery devices.
o New dwge(4) driver for Designware GMAC 10/100/Gigabit Ethernet
devices.
o New htb(4) driver for Loongson 3A PCI host bridges.
o New hvn(4) driver for Hyper-V networking interfaces.
o New hyperv(4) driver for the Hyper-V guest nexus device.
o New iatp(4) driver for the Atmel maXTouch touchpad and
touchscreen.
o New imxtemp(4) driver for Freescale i.MX6 temperature sensors.
o New leioc(4) driver for the Loongson 3A low-end IO controller.
o New octmmc(4) driver for the OCTEON MMC host controller.
o New ompinmux(4) driver for OMAP pin multiplexing.
o New omwugen(4) driver for OMAP wake-up generators.
o New psci(4) driver for the ARM Power State Coordination Interface.
o New simplefb(4) driver for the simple frame buffer on systems
using a device tree.
o New sximmc(4) driver for Allwinner A1X/A20 MMC/SD/SDIO
controllers.
o New tpm(4) driver for Trusted Platform Module devices.
o New uwacom(4) driver for Wacom USB tablets.
o New vmmci(4) VMM control interface.
o New xbf(4) driver for Xen Blkfront virtual disks.
o New xp(4) driver for the LUNA-88K HD647180X I/O processor.
o Support for Kaby Lake and Lewisburg PCH Ethernet MACs with I219
PHYs has been added to the em(4) driver.
o Support for RTL8153 USB 3.0 Gigabit Ethernet based devices has
been added to the ure(4) driver.
o Improved ACPI support for modern Apple hardware, including S3
suspend and resume.
o Support for X550 family of 10 Gigabit Ethernet based devices has
been added to the ix(4) driver.
- New vmm(4)/ vmd(8):
o Support was partially integrated in 6.0, but disabled.
o Support for amd64 and i386 hosts.
o BIOS payload provided via vmm-firmware, delivered via
fw_update(1).
o Support for Linux guest VMs.
o Better interrupt handling and legacy device emulation.
o vmm(4) no longer requires VMX unrestricted guest capability
(Nehalem and later CPUs are sufficient).
o Removed bounce buffers previously used by vmd(8) for vio(4) and
vioblk(4) devices.
o Support VMs with > 2GB RAM.
o vmd(8) uses pledge(2) and the fork+exec model.
o vm.conf(5) expanded to include VM ownership rules (uid/gid).
o vmd(8)/ vm.conf(5) supports automatic bridge(4) and switch(4)
configuration for VM network interfaces.
o vmctl(8) supports graceful VM shutdown via vmmci(4).
- IEEE 802.11 wireless stack improvements:
o The ral(4) driver now supports Ralink RT3900E (RT5390, RT3292)
devices.
o The iwm(4) and iwn(4) drivers now support the short guard interval
(SGI) in 11n mode.
o Added a new implementation of MiRa, a rate adapation algorithm
designed for 802.11n.
o The iwm(4) driver now supports 802.11n MIMO (MCS 0-15).
o The athn(4) driver now supports 802.11n, featuring MIMO (MCS 0-15)
and hostap mode.
o The iwn(4) driver now receives MIMO frames in monitor mode.
o The rtwn(4) and urtwn(4) drivers now use AMRR rate adaptation
(8188EU and 8188CE devices only).
o TKIP/WPA1 was disabled by default because of inherent weaknesses
in this protocol.
- Generic network stack improvements:
o New switch(4) pseudo-device together with new switchd(8) and
switchctl(8) programs.
o New mobileip(4) operation mode for the gre(4) pseudo-device.
o Multipoint-to-multipoint mode in vxlan(4).
o route(8) and netstat -r display all routing flags correctly and
they are completely documented in the netstat(1) man page.
o When sending TCP streams they are locally stored in large mbuf
clusters to improve memory management. The maximum TCP send and
receive buffer size has been increased from 256KB to 2MB. Note
that this results in a different pf(4) OS fingerprint for OpenBSD.
The default limit for mbuf clusters has been increased. You can
check the values with netstat(1) -m and adjust them with sysctl(8)
kern.maxclusters.
o Make the TCP_NOPUSH flag work for listen(2) sockets. It is
inherited by the socket returned from accept(2).
o A lot of code has been removed or simplified to make the
transition to multi-processor easier. Redesign the interrupt and
multi-processor locks in the network stack.
o When passing packets from the network stack to the interface
layer, make sure that they have no pointers to pf(4) which could
result in a memory free operation at the wrong protection level.
o Fix checksum calculation in pf(4) af-to ICMP packet conversions.
Simplify af-to processing in and fix path MTU discovery in some
corner cases.
o Improve IPv6 fragment processing. Drop empty atomic fragments
early. Be more paranoid when IPv6 hop-by-hop headers appear after
fragment headers. Follow RFC 5722 "Handling of Overlapping IPv6
Fragments" more strictly in pf(4). RFC 8021 "IPv6 Atomic Fragments
Considered Harmful" deprecates generating atomic fragments, so do
not send them anymore.
o Depending on the addresses, ipsecctl(8) may automatically group SA
bundles together. To make clear what is going on, the kernel
provides this information and ipsecctl -s sa prints IPsec SA
bundles.
o A new routing socket message type, RTM_PROPOSAL, was added to
facilitate future improvements to the network configuration
process.
- Installer improvements:
o The installer now uses privilege separation for fetching and
verifying the install sets.
o Install sets are now fetched over an HTTPS connection by default
when using a mirror that supports it.
o The installer now considers all of the DHCP information in
filename, bootfile-name, server-name, tftp-server-name, and
next-server when attempting to do automatic installs or upgrades.
o The installer no longer adds a route to an alias IP via 127.0.0.1,
due to improvements in the kernel routing components.
- Routing daemons and other userland network improvements:
o ping(8) and ping6(8) are now the same binary and share the engine.
o ripd(8) now supports p2p links with addresses in different
subnets.
o UDP speakers can specify an IPv4 source address using
IP_SENDSRCADDR. iked(8) and snmpd(8) now use the proper source
address when sending replies.
o iked(8) now supports ECDSA and RFC 7427 signatures for
authentication.
o iked(8) now supports replying to IKEv2 responder cookies.
o Many fixes and improvements for iked(8) and ikectl(8), including
various fixes for rekeying.
o ospfd(8) and ospf6d(8) now cope with interface MTU change at
runtime.
o bgpd(8) now supports BGP Large Communities (RFC 8092).
o bgpd(8) now supports BGP Administrative Shutdown Communication
(draft-ietf-idr-shutdown).
- Security improvements:
o Enforcement of userland W^X on OCTEON Plus and later.
o All shared libraries, all dynamic and static-PIE executables, and
ld.so(1) itself use the RELRO ("read-only after relocation")
design such that more of the initial data is protected as
read-only.
o The size of user virtual address space has been increased from 2GB
to 1TB on mips64.
o PIE and -static -pie on arm.
o route6d(8) now runs with fewer privileges.
o For incoming TLS connections syslogd(8) can validate client
certificates with a given CA file.
o The privileged parent process of syslogd(8) calls exec(2) to
reshuffle its random memory layout.
o New function recallocarray(3) to reduce the risk of incorrect
clearing of memory before and after reallocarray(3).
o SHA512_256 family of functions added to libc.
o arm added to the list of archs where the setjmp(3) family of
functions apply XOR cookies to stack and return-address values in
the jmpbuf.
o printf(3) family of formatting functions now report to syslog when
the %s format is used with a NULL pointer.
o Heap buffer overflow detection has been improved when the C
malloc(3) option is used. The existing S option now includes C.
o Support for permitting non-root users to mount(8) filesystems has
been removed.
o bioctl(8) now uses bcrypt PBKDF to derive keys for crypto volumes.
- dhclient(8)/ dhcpd(8)/ dhcrelay(8) improvements:
o Add DHO_BOOTFILE_NAME and DHO_TFTP_SERVER to the options requested
by default.
o Add support for RFC 6842 (Client Identifier Option in DHCP Server
Replies).
o Stop leaking option data received on the udp socket.
o Stop pretending we use RFC 3046/Option 82/Relay Agent Information.
o Stop recording ignored DHO_ROUTERS and DHO_STATIC_ROUTES options
in the effective lease.
o Use only leases from no SSID or the current SSID when restarting.
o Reduce default values for various timeouts to something more
appropriate to modern networks.
o Fix issues with redundant dhcpd servers and CARP'd interfaces.
o Switch to standard logging functions
o Fix vis/unvis of strings in dhclient(8) leases files.
- Assorted improvements:
o New syspatch(8) utility for security and reliability binary
updates to the base system.
o acme-client(1), a privilege separated Automatic Certificate
Management Environment (ACME) client written by Kristaps Dzonsons
has been imported.
o New, simplified xenodm(1) X11 display manager forked from xdm(1).
o Unicode version 8 character properties in the C library.
o Partial UTF-8 line editing support for ksh(1) Vi input mode.
o UTF-8 support in column(1).
o The performance and concurrency of the malloc(3) family in
multi-threaded processes has been improved.
o Estonian keyboard support.
o read(2) on directories now fails instead of returning 0.
o Support for the RES_USE_EDNS0 and RES_USE_DNSSEC flags has been
added to the resolver(3) implementation.
o syslogd(8) limits the socket buffer for TCP and TLS connections to
64K to avoid wasting kernel memory.
o syslogd(8) supports the option -Z to print the timestamp in RFC
5424 ISO format. This logs everything in UTC including the year,
timezone and fractions of seconds. The default is still RFC 3164
BSD syslog time format.
o When log files are rotated, newsyslog(8) writes the creation time
in UTC ISO format into the first line.
o The syslogd(8) options -a, -T, and -U can be given more than once
to specify multiple input sources.
o Improve the syslogd(8) output and diagnostics in case the klog
buffer overflows.
o Make SIGHUP handling in syslogd(8) more reliable.
o Let syslogd(8) tolerate most errors on startup. Keep running and
receive messages from all working subsystems, but do not die.
o The syslog(3) priority of fatal and warning messages of various
daemons has been adjusted.
o An NMI sends the amd64 kernel into ddb(4) more reliably.
o ld.so(1) now supports the DT_PREINITARRAY, DT_INITARRAY,
DT_FINIARRAY, DT_FLAGS, and DT_RUNPATH dynamic tags.
o kdump(1) now dumps the fds returned by pipe(2) and socketpair(2).
o Added support to doas(1) for session-locked persistent
authentication.
o Use a hardware register for the thread pointer on arm for improved
performance in multi-threaded processes.
o SGI boot blocks now consult the OpenBSD disklabel(5) to locate the
root filesystem. This reduces constraints on disk partitioning.
o iec(4) no longer hangs when its transmit ring gets full.
o sq(4) has been fixed to accept broadcast frames in non-promiscuous
mode when no IP address is configured. This lets the interface
work with DHCP.
o Multiprocessor-safe PCI interrupt handlers are run without the
kernel lock on OpenBSD/sgi.
o fdisk(8) now unconditionally sets the size of the protective MBR's
EFI GPT partition to UINT32_MAX.
o fdisk(8) now respects the current MBR or GPT format when
initializing a disk.
o softraid(4) now uses sufficient parallel i/o's to efficiently
rebuild RAID5 volumes.
o asr now accepts UDP packets of up to 4096 bytes to account for
broken DNS servers.
o umass(4) no longer assumes that ATAPI or UFI devices have only 1
LUN.
o scsi(4) now correctly detects end of tape on LTO5 devices.
o httpd(8) supports SNI via libtls to allow for multiple https sites
on a single IP address.
o ocspheck(8) has been added, and can be used to check the OCSP
status of certificates. The corresponding responses can be saved
for later use in OCSP stapling.
o httpd(8) supports OCSP stapling via libtls to permit OCSP
responses to be stapled to the tls handshake
o nc(1) now also supports OCSP stapling server side, and will show
the stapling information client side.
o Both relayd(8) and httpd(8) support now TLS session resumption
using TLS session tickets. See the respective configuration man
page for more information.
o With the -f option sensorsd(8) can use an alternative config file.
- OpenSMTPD 6.0.0
o Added support for providing an alternate subaddressing delimiter.
o Made the daemon less verbose in logs when exiting.
o Improved the io layer to simplify code accross the daemon.
o Added support for matching authenticated sessions in the ruleset.
o Assorted code and documentation cleanups.
- OpenSSH 7.4
o Security:
- ssh-agent(1): Will now refuse to load PKCS#11 modules from
paths outside a trusted whitelist (run-time configurable).
Requests to load modules could be passed via agent forwarding
and an attacker could attempt to load a hostile PKCS#11
module across the forwarded agent channel: PKCS#11 modules
are shared libraries, so this would result in code execution
on the system running the ssh-agent if the attacker has
control of the forwarded agent-socket (on the host running
the sshd server) and the ability to write to the filesystem
of the host running ssh-agent (usually the host running the
ssh client).
- sshd(8): When privilege separation is disabled, forwarded
Unix- domain sockets would be created by sshd(8) with the
privileges of 'root' instead of the authenticated user. This
release refuses Unix-domain socket forwarding when privilege
separation is disabled (Privilege separation has been enabled
by default for 14 years).
- sshd(8): Avoid theoretical leak of host private key material
to privilege-separated child processes via realloc() when
reading keys. No such leak was observed in practice for
normal-sized keys, nor does a leak to the child processes
directly expose key material to unprivileged users.
- sshd(8): The shared memory manager used by pre-authentication
compression support had a bounds checks that could be elided
by some optimising compilers. Additionally, this memory
manager was incorrectly accessible when pre-authentication
compression was disabled. This could potentially allow
attacks against the privileged monitor process from the
sandboxed privilege-separation process (a compromise of the
latter would be required first). This release removes support
for pre-authentication compression from sshd(8).
- sshd(8): Fix denial-of-service condition where an attacker
who sends multiple KEXINIT messages may consume up to 128MB
per connection.
- sshd(8): Validate address ranges for AllowUser and DenyUsers
directives at configuration load time and refuse to accept
invalid ones. It was previously possible to specify invalid
CIDR address ranges (e.g. user@127.1.2.3/55) and these would
always match, possibly resulting in granting access where it
was not intended.
- ssh(1), sshd(8): Fix weakness in CBC padding oracle
countermeasures that allowed a variant of the attack fixed in
OpenSSH 7.3 to proceed.
o New/changed features:
- Server support for the SSH v.1 protocol has been removed.
- ssh(1): Remove 3des-cbc from the client's default proposal.
64-bit block ciphers are not safe in 2016 and we don't want
to wait until attacks like SWEET32 are extended to SSH. As
3des-cbc was the only mandatory cipher in the SSH RFCs, this
may cause problems connecting to older devices using the
default configuration, but it's highly likely that such
devices already need explicit configuration for key exchange
and hostkey algorithms already anyway.
- sshd(8): Remove support for pre-authentication compression.
Doing compression early in the protocol probably seemed
reasonable in the 1990s, but today it's clearly a bad idea in
terms of both cryptography (cf. multiple compression oracle
attacks in TLS) and attack surface. Pre-auth compression
support has been disabled by default for >10 years. Support
remains in the client.
- ssh-agent will refuse to load PKCS#11 modules outside a
whitelist of trusted paths by default. The path whitelist may
be specified at run-time.
- sshd(8): When a forced-command appears in both a certificate
and an authorized keys/principals command= restriction, sshd
will now refuse to accept the certificate unless they are
identical. The previous (documented) behaviour of having the
certificate forced-command override the other could be a bit
confusing and error-prone.
- sshd(8): Remove the UseLogin configuration directive and
support for having /bin/login manage login sessions.
- ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by
the version in PuTTY by Simon Tatham. This allows a
multiplexing client to communicate with the master process
using a subset of the SSH packet and channels protocol over a
Unix-domain socket, with the main process acting as a proxy
that translates channel IDs, etc. This allows multiplexing
mode to run on systems that lack file- descriptor passing
(used by current multiplexing code) and potentially, in
conjunction with Unix-domain socket forwarding, with the
client and multiplexing master process on different machines.
Multiplexing proxy mode may be invoked using "ssh -O proxy
..."
- sshd(8): Add a sshd_config DisableForwarding option that
disables X11, agent, TCP, tunnel and Unix domain socket
forwarding, as well as anything else we might implement in
the future. Like the 'restrict' authorized_keys flag, this is
intended to be a simple and future-proof way of restricting
an account.
- sshd(8), ssh(1): Support the "curve25519-sha256" key exchange
method. This is identical to the currently-supported method
named "curve25519-sha256@libssh.org".
- sshd(8): Improve handling of SIGHUP by checking to see if
sshd is already daemonised at startup and skipping the call
to daemon(3) if it is. This ensures that a SIGHUP restart of
sshd(8) will retain the same process-ID as the initial
execution. sshd(8) will also now unlink the PidFile prior to
SIGHUP restart and re-create it after a successful restart,
rather than leaving a stale file in the case of a
configuration error.
- sshd(8): Allow ClientAliveInterval and ClientAliveCountMax
directives to appear in sshd_config Match blocks.
- sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to
match those supported by AuthorizedKeysCommand (key, key
type, fingerprint, etc.) and a few more to provide access to
the contents of the certificate being offered.
- Added regression tests for string matching, address matching
and string sanitisation functions.
- Improved the key exchange fuzzer harness.
- Deprecate the sshd_config UsePrivilegeSeparation option,
thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
- ssh(1), sshd(8): Support "=-" syntax to easily remove methods
from algorithm lists, e.g. Ciphers=-*cbc.
o The following significant bugs have been fixed in this release:
- ssh(1): Allow IdentityFile to successfully load and use
certificates that have no corresponding bare public key.
certificate id_rsa-cert.pub (and no id_rsa.pub).
- ssh(1): Fix public key authentication when multiple
authentication is in use and publickey is not just the first
method attempted.
- ssh-agent(1), ssh(1): improve reporting when attempting to
load keys from PKCS#11 tokens with fewer useless log messages
and more detail in debug messages.
- ssh(1): When tearing down ControlMaster connections, don't
pollute stderr when LogLevel=quiet.
- sftp(1): On ^Z wait for underlying ssh(1) to suspend before
suspending sftp(1) to ensure that ssh(1) restores the
terminal mode correctly if suspended during a password
prompt.
- ssh(1): Avoid busy-wait when ssh(1) is suspended during a
password prompt.
- ssh(1), sshd(8): Correctly report errors during sending of
ext- info messages.
- sshd(8): fix NULL-deref crash if sshd(8) received an out-of-
sequence NEWKEYS message.
- sshd(8): Correct list of supported signature algorithms sent
in the server-sig-algs extension.
- sshd(8): Fix sending ext_info message if privsep is disabled.
- sshd(8): more strictly enforce the expected ordering of
privilege separation monitor calls used for authentication
and allow them only when their respective authentication
methods are enabled in the configuration
- sshd(8): Fix uninitialised optlen in getsockopt() call;
harmless on Unix/BSD but potentially crashy on Cygwin.
- Fix false positive reports caused by explicit_bzero(3) not
being recognised as a memory initialiser when compiled with
-fsanitize-memory.
- sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet
for configuration examples.
- sshd(1): Fix NULL dereference crash when key exchange start
messages are sent out of sequence.
- ssh(1), sshd(8): Allow form-feed characters to appear in
configuration files.
- sshd(8): Fix regression in OpenSSH 7.4 support for the
server-sig-algs extension, where SHA2 RSA signature methods
were not being correctly advertised.
- ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs
in known_hosts processing.
- ssh(1): Allow ssh to use certificates accompanied by a
private key file but no corresponding plain *.pub public key.
- ssh(1): When updating hostkeys using the UpdateHostKeys
option, accept RSA keys if HostkeyAlgorithms contains any RSA
keytype. Previously, ssh could ignore RSA keys when only the
ssh-rsa-sha2-* methods were enabled in HostkeyAlgorithms and
not the old ssh-rsa method.
- ssh(1): Detect and report excessively long configuration file
lines.
- Merge a number of fixes found by Coverity and reported via
Redhat and FreeBSD. Includes fixes for some memory and file
descriptor leaks in error paths.
- ssh-keyscan(1): Correctly hash hosts with a port number.
- ssh(1), sshd(8): When logging long messages to stderr, don't
truncate "\r\n" if the length of the message exceeds the
buffer.
- ssh(1): Fully quote [host]:port in generated ProxyJump/-J
command- line; avoid confusion over IPv6 addresses and shells
that treat square bracket characters specially.
- ssh-keygen(1): Fix corruption of known_hosts when running
"ssh-keygen -H" on a known_hosts containing already-hashed
entries.
- Fix various fallout and sharp edges caused by removing SSH
protocol 1 support from the server, including the server
banner string being incorrectly terminated with only \n
(instead of \r\n), confusing error messages from ssh-keyscan
a segfault in sshd if protocol v.1 was enabled for the client
and sshd_config contained references to legacy keys.
- ssh(1), sshd(8): Free fd_set on connection timeout.
- sshd(8): Fix Unix domain socket forwarding for root
(regression in OpenSSH 7.4).
- sftp(1): Fix division by zero crash in "df" output when
server returns zero total filesystem blocks/inodes.
- ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL
errors encountered during key loading to more meaningful
error codes.
- ssh-keygen(1): Sanitise escape sequences in key comments sent
to printf but preserve valid UTF-8 when the locale supports
it.
- ssh(1), sshd(8): Return reason for port forwarding failures
where feasible rather than always "administratively
prohibited".
- sshd(8): Fix deadlock when AuthorizedKeysCommand or
AuthorizedPrincipalsCommand produces a lot of output and a
key is matched early.
- ssh(1): Fix typo in ~C error message for bad port forward
cancellation.
- ssh(1): Show a useful error message when included config
files can't be opened.
- sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the
manual page (previously incorrectly) advertised.
- sshd_config(5): Repair accidentally-deleted mention of %k
token in AuthorizedKeysCommand.
- sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM;
- ssh-agent(1): Relax PKCS#11 whitelist to include libexec and
common 32-bit compatibility library directories.
- sftp-client(1): Fix non-exploitable integer overflow in
SSH2_FXP_NAME response handling.
- ssh-agent(1): Fix regression in 7.4 of deleting
PKCS#11-hosted keys. It was not possible to delete them
except by specifying their full physical path.
- LibreSSL 2.5.3
o libtls now supports ALPN and SNI
o libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
o libtls now handles 4 cipher suite groups:
- "secure" (TLSv1.2+AEAD+PFS)
- "compat" (HIGH:!aNULL)
- "legacy" (HIGH:MEDIUM:!aNULL)
- "insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time
ago).
o Tightened error handling for tls_config_set_ciphers().
o libtls now always loads CA, key and certificate files at the time
the configuration function is called. This simplifies code and
results in a single memory based code path being used to provide
data to libssl.
o Added support for OCSP intermediate certificates.
o Added X509_check_host(), X509_check_email(), X509_check_ip(), and
X509_check_ip_asc() functions, via BoringSSL.
o Added initial support for iOS, thanks to Jacob Berkman.
o Improved behavior of arc4random on Windows when using memory leak
analysis software.
o Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from
Marko Kreen.
o Limit the support of the "backward compatible" SSLv2 handshake to
only be used if TLS 1.0 is enabled.
o Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
o Added constant-time updates to address CVE-2016-0702.
o Fixed undefined behavior in BN_GF2m_mod_arr().
o Removed unused Cryptographic Message Support (CMS).
o More conversions of long long idioms to time_t.
o Improved compatibility by avoiding printing NULL strings with
printf.
o Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on
the previous behaviour.
o Avoid unbounded memory growth in libssl, which can be triggered by
a TLS client repeatedly renegotiating and sending OCSP Status
Request TLS extensions.
o Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
o X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
o Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
o Massive update and normalization of manpages, conversion to mandoc
format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
o Curve25519 and TLS X25519 Key Exchange support.
o Support for alternate chains for certificate verification.
o Code cleanups, CBB conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
o Private symbols are now hidden in libssl and libcrypto.
o Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
o Added OCSP stapling support to libtls and nc.
o Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
o Enhanced regression tests and error handling for libtls.
o Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
o Moved many leaked implementation details in public structs behind
opaque pointers.
o Added ticket support to libtls.
o Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the
previous SSL{_CTX}_set1_curves{_list} names. This also changes the
default list of curves to be X25519, P-256 and P-384. All other
curves must be manually enabled.
o Added -groups option to openssl(1) s_client for specifying the
curves to be used in a colon-separated list.
o Merged client/server version negotiation code paths into one,
reducing much duplicate code.
o Removed error function codes from libssl and libcrypto.
o Fixed an issue where a truncated packet could crash via an OOB
read.
o Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
o Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of
Technology). The fix was developed by Cesar Pereida Garcia.
o iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
o Added the recallocarray(3) memory allocation function, and
converted various places in the library to use it, such as CBB and
BUF_MEM_grow. recallocarray(3) is similar to reallocarray. Newly
allocated memory is cleared similar to calloc(3). Memory that
becomes unallocated while shrinking or moving existing allocations
is explicitly discarded by unmapping or clearing to 0.
o Added new root CAs from SECOM Trust Systems / Security
Communication of Japan.
o Added EVP interface for MD5+SHA1 hashes.
o Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
o Added a constant time version of BN_gcd and use it default for
BN_gcd to avoid the possibility of sidechannel timing attacks
against RSA private key generation - Thanks to Alejandro Cabrera
- mandoc 1.14.1
o New mandoc.db(5) file format: man(1), apropos(1), and
makewhatis(8) no longer need SQLite3.
o Much improved HTML output and CSS.
o In man(1), internal searching with less(1) :t has been improved.
o New mandoc(1) -mdoc -T markdown output mode (already a post-1.14.1
feature).
- Ports and packages:
o Many pre-built packages for each architecture:
- alpha: 7413 - mips64: 8072
- amd64: 9714 - mips64el: 6880
- arm: 7501 - powerpc: 7703
- hppa: 6422 - sparc64: 8606
- i386: 9697
- Some highlights:
o Afl 2.39b o Mutt 1.8.0
o Chromium 57.0.2987.133 o Node.js 6.10.1
o Emacs 21.4 and 24.5 o Ocaml 4.03.0
o GCC 4.9.4 o OpenLDAP 2.3.43 and 2.4.44
o GHC 7.10.3 o PHP 5.5.38, 5.6.30 and 7.0.16
o Gimp 2.8.18 o Postfix 3.2.0 and 3.3-20170218
o GNOME 3.22.2 o PostgreSQL 9.6.2
o Go 1.8 o Python 2.7.13, 3.4.5, 3.5.2 and
o Groff 1.22.3 3.6.0
o JDK 7u80 and 8u121 o R 3.3.3
o KDE 3.5.10 and 4.14.3 (plus o Ruby 1.8.7.374, 2.1.9, 2.2.6,
KDE4 core updates) 2.3.3 and 2.4.1
o LLVM/Clang 4.0.0 o Rust 1.16.0
o LibreOffice 5.2.4.2 o Sendmail 8.15.2
o Lua 5.1.5, 5.2.4, and 5.3.4 o SQLite 3.17.0
o MariaDB 10.0.30 o Sudo 1.8.19.2
o Mono 4.6.2.6 o Tcl/Tk 8.5.18 and 8.6.4
o Mozilla Firefox 52.0.2esr and o TeX Live 2015
52.0.2 o Vim 8.0.0388
o Mozilla Thunderbird 45.8.0 o Xfce 4.12
- As usual, steady improvements in manual pages and other documentation.
- The system includes the following major components from outside suppliers:
o Xenocara (based on X.Org 7.7 with xserver 1.18.3 + patches,
freetype 2.7.1, fontconfig 2.12.1, Mesa 13.0.6, xterm 327,
xkeyboard-config 2.20 and more)
o LLVM/Clang 4.0.0 (+ patches)
o GCC 4.2.1 (+ patches) and 3.3.6 (+ patches)
o Perl 5.24.1 (+ patches)
o NSD 4.1.15
o Unbound 1.6.1
o Ncurses 5.7
o Binutils 2.17 (+ patches)
o Gdb 6.3 (+ patches)
o Awk Aug 10, 2011 version
o Expat 2.1.1
If you'd like to see a list of what has changed between OpenBSD 6.0
and 6.1, look at
http://www.OpenBSD.org/plus61.html
Even though the list is a summary of the most important changes
made to OpenBSD, it still is a very very long list.
------------------------------------------------------------------------
- SECURITY AND ERRATA --------------------------------------------------
We provide patches for known security threats and other important
issues discovered after each release. Our continued research into
security means we will find new security problems -- and we always
provide patches as soon as possible. Therefore, we advise regular
visits to
http://www.OpenBSD.org/security.html
and
http://www.OpenBSD.org/errata.html
------------------------------------------------------------------------
- MAILING LISTS AND FAQ ------------------------------------------------
Mailing lists are an important means of communication among users and
developers of OpenBSD. For information on OpenBSD mailing lists, please
see:
http://www.OpenBSD.org/mail.html
You are also encouraged to read the Frequently Asked Questions (FAQ) at:
http://www.OpenBSD.org/faq/
------------------------------------------------------------------------
- DONATIONS ------------------------------------------------------------
The OpenBSD Project is volunteer-driven software group funded by
donations. Besides OpenBSD itself, we also develop important software
like OpenSSH, LibreSSL, OpenNTPD, OpenSMTPD, the ubiquitous pf packet
filter, the quality work of our ports development process, and many
others. This ecosystem is all handled under the same funding umbrella.
We hope our quality software will result in contributions that maintain
our build/development infrastructure, pay our electrical/internet costs,
and allow us to continue operating very productive developer hackathon
events.
All of our developers strongly urge you to donate and support our future
efforts. Donations to the project are highly appreciated, and are
described in more detail at:
http://www.OpenBSD.org/donations.html
------------------------------------------------------------------------
- OPENBSD FOUNDATION ---------------------------------------------------
For those unable to make their contributions as straightforward gifts,
the OpenBSD Foundation (http://www.openbsdfoundation.org) is a Canadian
not-for-profit corporation that can accept larger contributions and
issue receipts. In some situations, their receipt may qualify as a
business expense write-off, so this is certainly a consideration for
some organizations or businesses.
There may also be exposure benefits since the Foundation may be
interested in participating in press releases. In turn, the Foundation
then uses these contributions to assist OpenBSD's infrastructure needs.
Contact the foundation directors at directors@openbsdfoundation.org for
more information.
------------------------------------------------------------------------
- RELEASE SONGS --------------------------------------------------------
Every OpenBSD release is accompanied by artwork and a song. OpenBSD 6.1
comes with the song "Winter of 95".
Lyrics (and an explanation) of the song may be found at:
http://www.OpenBSD.org/lyrics.html#61
------------------------------------------------------------------------
- HTTP INSTALLS --------------------------------------------------------
OpenBSD can be easily installed via HTTP downloads. Typically you need
a single small piece of boot media (e.g., a USB flash drive) and then
the rest of the files can be installed from a number of locations,
including directly off the Internet. Follow this simple set of
instructions to ensure that you find all of the documentation you will
need while performing an install via HTTP.
1) Read either of the following two files for a list of HTTP
mirrors which provide OpenBSD, then choose one near you:
http://www.OpenBSD.org/ftp.html
http://ftp.openbsd.org/pub/OpenBSD/ftplist
As of April 11, 2017, the following HTTP mirror sites have the 6.1 release:
http://ftp.eu.openbsd.org/pub/OpenBSD/6.1/ Stockholm, Sweden
http://ftp.bytemine.net/pub/OpenBSD/6.1/ Oldenburg, Germany
http://ftp.ch.openbsd.org/pub/OpenBSD/6.1/ Zurich, Switzerland
http://ftp.fr.openbsd.org/pub/OpenBSD/6.1/ Paris, France
http://ftp5.eu.openbsd.org/pub/OpenBSD/6.1/ Vienna, Austria
http://mirror.aarnet.edu.au/pub/OpenBSD/6.1/ Brisbane, Australia
http://ftp.usa.openbsd.org/pub/OpenBSD/6.1/ CO, USA
http://ftp5.usa.openbsd.org/pub/OpenBSD/6.1/ CA, USA
http://mirror.esc7.net/pub/OpenBSD/6.1/ TX, USA
The release is also available at the master site:
http://ftp.openbsd.org/pub/OpenBSD/6.1/ Alberta, Canada
However it is strongly suggested you use a mirror.
Other mirror sites may take a day or two to update.
2) Connect to that HTTP mirror site and go into the directory
pub/OpenBSD/6.1/ which contains these files and directories.
This is a list of what you will see:
ANNOUNCEMENT amd64/ luna88k/ sgi/
Changelogs/ arm64/ macppc/ sparc64/
README armv7/ octeon/ src.tar.gz
SHA256 hppa/ packages/ sys.tar.gz
SHA256.sig i386/ ports.tar.gz tools/
alpha/ landisk/ root.mail xenocara.tar.gz
It is quite likely that you will want at LEAST the following
files which apply to all the architectures OpenBSD supports.
README - generic README
root.mail - a copy of root's mail at initial login.
(This is really worthwhile reading).
3) Read the README file. It is short, and a quick read will make
sure you understand what else you need to fetch.
4) Next, go into the directory that applies to your architecture,
for example, amd64. This is a list of what you will see:
BOOTIA32.EFI* bsd* floppy61.fs pxeboot*
BOOTX64.EFI* bsd.mp* game61.tgz xbase61.tgz
BUILDINFO bsd.rd* index.txt xfont61.tgz
INSTALL.amd64 cd61.iso install61.fs xserv61.tgz
SHA256 cdboot* install61.iso xshare61.tgz
SHA256.sig cdbr* man61.tgz
base61.tgz comp61.tgz miniroot61.fs
If you are new to OpenBSD, fetch _at least_ the file INSTALL.amd64
and install61.iso. The install61.iso file (roughly 220MB in size)
is a one-step ISO-format install CD image which contains the various
*.tgz files so you do not need to fetch them separately.
If you prefer to use a USB flash drive, fetch install61.fs and
follow the instructions in INSTALL.amd64.
5) If you are an expert, follow the instructions in the file called
README; otherwise, use the more complete instructions in the
file called INSTALL.amd64. INSTALL.amd64 may tell you that you
need to fetch other files.
6) Just in case, take a peek at:
http://www.OpenBSD.org/errata.html
This is the page where we talk about the mistakes we made while
creating the 6.1 release, or the significant bugs we fixed
post-release which we think our users should have fixes for.
Patches and workarounds are clearly described there.
------------------------------------------------------------------------
- X.ORG FOR MOST ARCHITECTURES -----------------------------------------
X.Org has been integrated more closely into the system. This release
contains X.Org 7.7. Most of our architectures ship with X.Org, including
amd64, sparc64 and macppc. During installation, you can install X.Org
quite easily. Be sure to try out xenodm(1), our new, simplified X11
display manager forked from xdm(1).
------------------------------------------------------------------------
- PACKAGES AND PORTS ---------------------------------------------------
Many third party software applications have been ported to OpenBSD and
can be installed as pre-compiled binary packages on the various OpenBSD
architectures. Please see http://www.openbsd.org/faq/faq15.html for
more information on working with packages and ports.
Note: a few popular ports, e.g., NSD, Unbound, and several X
applications, come standard with OpenBSD and do not need to be installed
separately.
------------------------------------------------------------------------
- SYSTEM SOURCE CODE ---------------------------------------------------
The source code for all four subsystems can be found in the
pub/OpenBSD/6.1/ directory:
xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz
The README (http://ftp.OpenBSD.org/pub/OpenBSD/6.1/README) file explains
how to deal with these source files.
------------------------------------------------------------------------
- THANKS ---------------------------------------------------------------
Ports tree and package building by Pierre-Emmanuel Andre, Landry Breuil,
Visa Hankala, Stuart Henderson, Peter Hessler, Paul Irofti, and
Christian Weisgerber. Base and X system builds by Kenji Aoyama,
Theo de Raadt, Jonathan Gray, and Visa Hankala.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those who bought our previous CD sets. Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.
Our developers are:
Aaron Bieber, Adam Wolk, Alexander Bluhm, Alexander Hall,
Alexandr Nedvedicky, Alexandr Shadchin, Alexandre Ratchov,
Andrew Fresh, Anil Madhavapeddy, Anthony J. Bentley,
Antoine Jacoutot, Benoit Lecocq, Bob Beck, Brandon Mercer,
Brent Cook, Bret Lambert, Bryan Steele, Can Erkin Acar,
Charles Longeau, Chris Cappuccio, Christian Weisgerber,
Christopher Zimmermann, Claudio Jeker, Dale Rahn, Damien Miller,
Daniel Boulet, Daniel Dickman, Daniel Jakots, Darren Tucker,
David Coppa, David Gwynne, David Hill, Dmitrij Czarkoff, Doug Hogan,
Edd Barrett, Eric Faurot, Florian Obser, Frederic Cambus,
Gerhard Roth, Giannis Tsaraias, Gilles Chehade, Giovanni Bechis,
Gleydson Soares, Gonzalo L. Rodriguez, Henning Brauer, Ian Darwin,
Igor Sobrado, Ingo Feinerer, Ingo Schwarze, Inoguchi Kinichiro,
James Turner, Jason McIntyre, Jasper Lievisse Adriaanse,
Jeremie Courreges-Anglas, Jeremy Evans, Joel Sing, Joerg Jung,
Jonathan Armani, Jonathan Gray, Jonathan Matthew, Joris Vink,
Joshua Stein, Juan Francisco Cantero Hurtado, Kazuya Goda,
Kenji Aoyama, Kenneth R Westerback, Kent R. Spillner,
Kirill Bychkov, Kurt Miller, Landry Breuil, Lawrence Teo,
Luke Tymowski, Marc Espie, Marcus Glocker, Mark Kettenis,
Mark Lumsden, Markus Friedl, Martijn van Duren, Martin Natano,
Martin Pieuchot, Martynas Venckus, Mats O Jansson, Matthew Dempsky,
Matthias Kilian, Matthieu Herrb, Michal Mazurek, Mike Belopuhov,
Mike Larkin, Miod Vallat, Nayden Markatchev, Nicholas Marriott,
Nigel Taylor, Okan Demirmen, Otto Moerbeek, Pascal Stumpf,
Patrick Wildt, Paul Irofti, Peter Hessler, Philip Guenther,
Pierre-Emmanuel Andre, Rafael Zalamena, Remi Pointel,
Renato Westphal, Reyk Floeter, Ricardo Mestre, Richard Procter,
Robert Nagy, Robert Peichaer, Sasano Takayoshi, Sebastian Benoit,
Sebastian Reitenbach, Sebastien Marie, Stefan Fritsch, Stefan Kempf,
Stefan Sperling, Steven Mestdagh, Stuart Cassoff, Stuart Henderson,
Sunil Nimmagadda, T.J. Townsend, Ted Unangst, Theo Buehler,
Theo de Raadt, Tim van der Molen, Tobias Stoeckmann, Todd C. Miller,
Tom Cosgrove, Ulf Brosziewski, Vadim Zhukov, Vincent Gross,
Visa Hankala, Yasuoka Masahiko, Yojiro Uo